Installing a Commercial SSL Server Certificate (nginx)
This was the process to get the certificate for anyone who's interested:
- Pay first. Get an online account.
- Once they see the money they let you procede to the activation process.
- Create a certificate signing request thusly:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
- Paste the content of
server.csrinto the CSR window.
- Verify - I chose the method "Place a file on your server that contains the activation code", and deleted the file again once that was done.
- Another Email with another link. Download the certificate and intermediate certificates all the way down to the root certificate (the one your browser actually "trusts"). They will have to get concatenated in the exact order they appear on the website:
cat actual_certificate.pem domain_validation.pem trusted_network.pem root.pem > cert.chained.pem(*)
nginxto use your
cert.chained.pem, as explained here.
That's it really.
I also tested the result with this command:
openssl s_client -connect dt.iki.fi:443
but really one can see it best in the Browser (click on the green lock).
(*) The certificate chain is explained nicely here.